https://community.cisco.com/t5/network-security/firewall-hit-counts/m-p/1291141#M816384 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>"hitcnt" shows which ACL entry is hit how many times</P><P></P><P>Actually these command provides a packet count or hitcounts</P><P></P><P>This can be used on firewall "show run access-list"</P><P></P><P>This can be used on IOS devices "show ip access-list"</P><P></P><P>examples:</P><P></P><P>access-list acl_inside_out permit tcp any any eq www (hitcnt=3074)</P><P></P><P>The above access-list tells that its has been hit 3074 times.</P><P></P><P>access-list acl_inside_out permit tcp any host X.X.X.X eq smtp (hitcnt=0)</P><P></P><P>The access-list shows no hits against it.</P><P></P><P>You may go through this link for better understanding.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml" target="_blank">http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml</A></P><P></P><P>HTH</P><P></P><P>JK</P><P></P><P>Pls rate helpful posts-</P><P></P></BODY></HTML> Fri, 23 Oct 2009 12:18:26 GMT Jatin Katyal 2009-10-23T12:18:26Z https://community.cisco.com/t5/network-security/firewall-hit-counts/m-p/1291140#M816382 <P>what does this "(hitcnt=*)" mean besides any rule in cisco firewall. </P><P>Also, i'm facing instances where even if the connection is initiated, i dont see anything coming on the firewall ( be it deny/permit/connection buildup). Routes &amp; other factors are fine.</P><P>Please suggest.</P><P>Thanks!</P> Mon, 11 Mar 2019 16:30:34 GMT https://community.cisco.com/t5/network-security/firewall-hit-counts/m-p/1291140#M816382 suthomas1 2019-03-11T16:30:34Z https://community.cisco.com/t5/network-security/firewall-hit-counts/m-p/1291141#M816384 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>"hitcnt" shows which ACL entry is hit how many times</P><P></P><P>Actually these command provides a packet count or hitcounts</P><P></P><P>This can be used on firewall "show run access-list"</P><P></P><P>This can be used on IOS devices "show ip access-list"</P><P></P><P>examples:</P><P></P><P>access-list acl_inside_out permit tcp any any eq www (hitcnt=3074)</P><P></P><P>The above access-list tells that its has been hit 3074 times.</P><P></P><P>access-list acl_inside_out permit tcp any host X.X.X.X eq smtp (hitcnt=0)</P><P></P><P>The access-list shows no hits against it.</P><P></P><P>You may go through this link for better understanding.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml" target="_blank">http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml</A></P><P></P><P>HTH</P><P></P><P>JK</P><P></P><P>Pls rate helpful posts-</P><P></P></BODY></HTML> Fri, 23 Oct 2009 12:18:26 GMT https://community.cisco.com/t5/network-security/firewall-hit-counts/m-p/1291141#M816384 Jatin Katyal 2009-10-23T12:18:26Z https://community.cisco.com/t5/network-security/firewall-hit-counts/m-p/1291142#M816386 <HTML><HEAD></HEAD><BODY><P>Thanks, my question was what does the * in hitcnt=* means? &amp; about the logging thing.</P><P></P></BODY></HTML> Fri, 23 Oct 2009 12:27:10 GMT https://community.cisco.com/t5/network-security/firewall-hit-counts/m-p/1291142#M816386 suthomas1 2009-10-23T12:27:10Z https://community.cisco.com/t5/network-security/firewall-hit-counts/m-p/1291143#M816390 <HTML><HEAD></HEAD><BODY><P>The "hit-cnt" is the number of times this flow was permitted or denied by this ACL entry in the configured time interval. The value is 1 when the security appliance generates the first syslog message for this flow. </P><P></P><P>The syslog is here <A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html#wp4769049" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html#wp4769049</A></P><P></P><P>I hope it makes sense.</P><P></P><P>PK</P></BODY></HTML> Fri, 23 Oct 2009 13:36:42 GMT https://community.cisco.com/t5/network-security/firewall-hit-counts/m-p/1291143#M816390 Panos Kampanakis 2009-10-23T13:36:42Z https://community.cisco.com/t5/network-security/firewall-hit-counts/m-p/1291144#M816395 <HTML><HEAD></HEAD><BODY><P>Thanks, am sorry if there is any confusion from my question here.My firewall just shows * symbol on certain rules, whereas other rules it shows hitcnt=0. </P><P>what difference does * &amp; 0 indicate here. 0 appears when there is no connection covering this rule. </P><P>What is the case if only * appears?</P><P></P></BODY></HTML> Fri, 23 Oct 2009 15:55:18 GMT https://community.cisco.com/t5/network-security/firewall-hit-counts/m-p/1291144#M816395 suthomas1 2009-10-23T15:55:18Z https://community.cisco.com/t5/network-security/firewall-hit-counts/m-p/1291145#M816399 <HTML><HEAD></HEAD><BODY><P><SPAN style="font-size: 10pt; font-family: Times-Roman; ">An asterisk means that the rule has been merged with other rules and thus the hit count cannot be accurate. </SPAN></P><P><SPAN style="font-size: 10pt; font-family: Times-Roman; "> </SPAN></P><P><SPAN style="font-size: 10pt; font-family: Times-Roman; ">Please see </SPAN></P><P><SPAN style="font-size: 10pt; font-family: Times-Roman; "><A href="http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/configuration/guide/traffc_f.pdf">http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/configuration/guide/traffc_f.pdf</A></SPAN></P><P><SPAN style="font-size: 10pt; font-family: Times-Roman; "> </SPAN></P><P><SPAN style="font-size: 10pt; font-family: Times-Roman; "> </SPAN></P></BODY></HTML> Wed, 18 Apr 2012 10:59:49 GMT https://community.cisco.com/t5/network-security/firewall-hit-counts/m-p/1291145#M816399 Leigh_Olsen 2012-04-18T10:59:49Z